Ritz Disposable Digital Camera Hacked

morgue-ann writes "The $10.99 Dakota reusable digital camera announced in July was usefully hacked on November 6. First attempts to extract picture data took 10 hours to read out 16MB, but new code for Linux and Mac and Windows lets you get pictures quickly over USB and view or print them without Ritz's help (and with fewer of your $$)."

Public key crypto explained

[finkployd]

Validation in public key crypto is a little different than what you are thinking.

There is ever only one key involved on each end, and they both have to be part of the same pair. In encryption you encrypt with the recipient's public key and they decrypt with their private key(*)

In validation (or digital signature) you take a hash of the message (usually SHA1) and encrypt that with your private key. Thus the only key capable of decrypting it is your public key (which everyone has). Remember with key-pairs what you do with one you can only undo with the other.
Anyway, the recipient creates their own hash of the message, decrypts your "signature" (which is an encrypted hash) and if the two match up, then they know it was signed by you and that it was not tampered with.

(*) Actually, public key crypto is painfully slow. What REALLY happens is a random symmetric key is chosen to encrypt the message, then the public key is used to encrypt the symmetric key. Decryption is the reverse, you decrypt the symmetric key with your private key, then use it to decrypt the message. This actually ends up being a lot faster than doing the whole thing with public key crypto. I left this out above to make it a little simpler.

Finkployd

For people who don't read articles

[BillX]

Actually, some of these points are not in the articles, and (not surprisingly) seem to be causing some confusion based on some of the comments I have seen above.

1) The cameras are purchased, just like any ordinary (non-digital) disposable camera. There is no rental agreement, nothing to sign, no deposit, etc. Some previous comments have asked about this. Also, the camera IS cheap; the hardware itself costs probably no more than $25-50 to manufacture, and likely pay for themselves in 1 or 2 processings. The big draw is that you can use them in potentially hazardous environments, and if it gets destroyed or stolen, this only sets you back $11 + a few minutes to solder a new connector into a new camera.

2) The batteries are changeable by the user - they are ordinary AA alkalines. They will last much longer than 1 25-picture cycle (I haven't yet managed to exhaust a set), but when they do run down, just open the battery cover and pop in fresh ones.

3) The sensor is actually 1.3 megapixels, not 2MP as claimed on the package.

4) The picture quality is mediocre - but not nearly as bad as these samples would have you believe (I don't know what happened to that guy's cam). Try the samples here and here (middle of page) for other samples. The biggest problem seems to be motion blurs from not holding the camera steady enough (the "shutter speed" is pretty slow). The other problem is that the lens is adjusted to be in-focus at some specific point probably between 4-12 feet from the camera. In practice, your subject will usually not be exactly at the in-focus distance. While you've got the camera open to solder in a little USB socket (or whatever), you can rotate the lens to adjust it for other distances, up to within an inch of the lens.

5) Concerns that this hack will be singlehandedly responsible for driving the cameras off the market, driving Ritz out of business, etc., seem largely unfounded. They will probably go off the market anyway - last time I was in Wolf Camera, the sales associates were actually warning people away from these cameras, saying that they would get slightly better image quality from the film disposables (for less $$, and 27 vs. 25 pictures - it's a no-brainer, come to think of it...)